Are all ISO certifications created equal?
When it comes to ISO certifications, it is easy to assume that they are all equal, as long as they bear the coveted ‘ISO’ label. However, the reality is more nuanced than that. International Standards, such as those developed by the International Organisation for Standardisation (ISO), are designed to promote global consistency, quality and efficiency across a range of industries and practices. While these standards themselves are rigorously formulated and agreed upon internationally, the certification process that confirms an organisation’s compliance with these standards can vary significantly. Factors such as the accrediting body, the credibility of the certification body and the specific requirements of different industries can all influence the value and recognition of an ISO certificate. Understanding these differences is crucial for organisations seeking certification to ensure they achieve the intended benefits of credibility and market acceptance. Written by our Account Manager Lily Stevens and Head of Quality and Regulatory, Daniel Mannion, this blog aims to explain the nuances of ISO certification and help organisations make the right investments in certification.What are International Standards?
International standards are internationally agreed-upon guidelines and best practices that address a wide range of subjects, including but not limited to quality management, environmental management, information security, and occupational health and safety. They have been developed by international organisations to promote consistency, compatibility and efficiency worldwide with each standard being developed through a rigorous consensus-based process. The most prevalent of these organisations responsible for developing standards is the International Organisation for Standardisation more commonly known as ISO.What is a Management System Standard?
Management System Standards are a specific set of ISO standards that address how to run an organisation to achieve particular goals (e.g. ISO 9001 or ISO 13485 for quality management, ISO 14001 for environmental management, or ISO 27001 for information security management). These are some of the most common management system standards encountered in a healthcare environment due to their applicability to Medical Device manufacturing or the preservation of patient-identifiable data. Whilst some are not mandatory requirements for doing business anywhere in the world, businesses that make regulated Medical Devices will be required to be certified against Management System Standards such as ISO 13485. Only organisations (not products) can be certified against a Management System Standard and whilst there are a few exceptions, they are the most common standards which businesses will choose to be certified against.What is ISO Certification?
Certification is a formal process by which an independent, accredited body (not ISO itself) verifies that an organisation’s management system complies with the requirements of a specific ISO standard. Certification provides evidence that the organisation has implemented and maintains effective systems and processes in line with international best practices and the principles of the standard.How does ISO Certification work?
A certification body is an independent organisation that is accredited to evaluate whether a company, organisation, or system complies with the specific requirements of an ISO Management System standard. A certification body will provide: Assessment and Auditing: Certification bodies conduct audits and assessments of organisations to ensure their management systems meet the requirements of the relevant ISO Management System Standard. Certification Issuance: If the organisation successfully meets the standard’s requirements, the certification body issues a certificate. This certificate serves as “formal”/independent recognition that the organisation’s management system complies with the specific ISO standard. Surveillance Audits: After issuing the certification, certification bodies conduct regular surveillance audits -usually annually – to ensure the organisation continues to comply with the standard. Re-certification Audits: Typically conducted every three years, re-certification audits are more comprehensive than surveillance audits and are designed to confirm ongoing compliance with the standard over the certification cycle. Independence and Impartiality: Certification bodies must operate independently from the organisations they audit to maintain objectivity and credibility. They are often accredited by national or international accreditation bodies that ensure the certification body’s competence, impartiality, and performance.Accreditation and Certification Bodies
Certification bodies themselves are accredited organisations and are usually accredited by an accreditation body, which is a government-regulated or internationally recognised organisation that certifies the competency of the certification bodies. This double-layered approach—where accreditation bodies oversee certification bodies—helps maintain the integrity and trustworthiness of ISO certifications globally.UKAS and UK Regulations:
In the UK, the United Kingdom Accreditation Service (UKAS) is the sole national accreditation body*. UKAS was appointed by the UK Government Department of Business, Innovation and Skills (now replaced by other Departments) in 2009 under the Accreditation Regulations 2009. This appointment empowers UKAS to accredit certification bodies in the UK for management system standards certification, among other activities. This also means that the UK public sector (including its suppliers) and regulated industries (like medical devices) should and often do only accept certificates issued by UKAS-accredited certification bodies (or equivalent under the IAF as per below) as valid certificates. This is also common practice in the private sector. *Except for the UK government cyber security scheme Cyber Essentials, which is accredited by IASME.EU Regulations and IAF
The European Union established a similar framework to the UK with Regulation (EC) 765/2008, which provides a legal basis for accreditation services across Europe. This regulation requires each EU member state to appoint a single national accreditation body, equivalent to UKAS in the UK. The International Accreditation Forum (IAF) is a global association of accreditation bodies, including UKAS from the UK as well as EU, US, Canadian and Japanese to a total of 84 accreditation bodies. Each country’s recognised accreditation body for Management Systems are allowed to join the IAF as long as they agree to mutual recognition of accreditation and certification (called the IAF MLA).. This international recognition ensures that accreditations from certification bodies that are members of the IAF (like UKAS) are respected worldwide as equivalent to the certification bodies accredited by local accreditation bodies – for example, certificates from certification bodies accredited by the UK accreditation body (UKAS) should be accepted by German public organisations as equivalent to certificates from certification bodies accredited by the German accreditation body (DAkkS) and vice versa. Both the UK Accreditation Regulations 2009 and EC 765/2008 aim to align accreditation practices. They require accreditation to be carried out against recognised standards, for example in the UK, those adopted by the British Standards Institution (BSI) as British Standards (BS) in the UK.What to watch out for
Organisations seeking ISO certification should ensure their chosen certification body is accredited by an official national accreditation body (such as UKAS in the UK). This accreditation guarantees that the certification process meets international standards and is recognised globally. Certificates issued by non-accredited bodies may be disregarded by clients and could negatively impact business growth and tender applications. By adhering to this accreditation framework, the UK and EU maintain a robust and internationally recognised system for ISO certifications, ensuring consistency, reliability, and global acceptance of certified management systems.Alternative Certification Bodies
Whilst the IAF is considered the gold standard for certification internationally due to the close alignment and oversight of the government, there are alternative certification organisations which are independently accredited. Most notably, the Accreditation Service for Certifying Bodies (ASCB). Whilst organisations accredited by ASCB may offer a cheaper and more accessible option for businesses to receive an ISO certification, it’s important to remember that in the UK Public Sector, they are not a recognised certification body.Summary
ISO standards are internationally agreed-upon guidelines and best practices developed by experts to address various aspects of business operations, product quality and management systems. ISO Certification is a formal process where an independent body verifies an organisation’s compliance with a specific ISO standard. This certification provides evidence of adherence to international best practices and can enhance an organisation’s credibility and competitiveness, but organisations should exercise caution in choosing the appropriate certification route in order to ensure its acceptance by potential customers. Useful Links:Get expert ISO compliance support today.
Ready to accelerate growth with streamlined ISO compliance? Book your free, no obligation discovery call with one of our compliance experts below.